A validator for Apache Wicket that checks if a given password has been pwned. The validator uses the free API of https://haveibeenpwned.com/ by @troyhunt to validate that the password has not been previously exposed in data breaches.
- Include maven dependency in your pom.xml
<dependency>
<groupId>de.martinspielmann.wicket</groupId>
<artifactId>wicket-pwnedpasswords-validator</artifactId>
<version>4.0.1</version>
</dependency>
- Add PwnedPasswordsValidator to your PasswordTextField
// just your every day registration form...
Form form = new Form("form");
add(form);
f.add(new FeedbackPanel("feedback"));
PasswordTextField password = new PasswordTextField("password", new Model<>(""));
form.add(password);
// and here it is:
password.add(new PwnedPasswordsValidator("YOUR-HIBP-API-KEY"));
- Maven (or download jar from Releases)
- Wicket 6, 7, 8
git clone https://github.com/pingunaut/wicket-pwnedpasswords-validator.git
cd wicket-pwnedpasswords-validator
mvn test
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
We use SemVer for versioning. For the versions available, see the tags on this repository.
- Martin Spielmann - Initial work - pingunaut
See also the list of contributors who participated in this project.
This project is licensed under The Apache Software License, Version 2.0 - see the LICENSE.md file for details